chore(release): bump package versions

[halvaradop]

Description

This pull request publishes new releases of the packages to both npm and JSR registries:

• @aura-stack/auth@0.5.0
• @aura-stack/jose@0.4.0

Registries

NPM

• https://www.npmjs.com/package/@aura-stack/auth
• https://www.npmjs.com/package/@aura-stack/jose

JSR

• https://jsr.io/@aura-stack/auth
• https://jsr.io/@aura-stack/jose

These releases introduce new APIs, expanded OAuth provider support, and multiple security improvements, including built-in secure comparisons. Additionally, configuration via environment variables has been enhanced, allowing users to define authentication behavior either programmatically or through environment-based configuration.

Overall, these updates improve compatibility with OAuth providers, strengthen security practices, and enhance the developer experience for both users and contributors.

Key Changes

@aura-stack/auth

• fix(core): fix incorrect behavior when enabling logger #120
• feat(core): expose server-side signIn via createAuth.api #117
• feat(core): add ALL HTTP handler to centralize GET and POST handling #115
• feat(core): introduce createAuthClient API #114
• feat(core): introduce api object via createAuth #112
• perf(core): precompute cookie store for request handling #111
• feat(core): introduce OAuth provider configuration API #109
• feat(core): read auth configuration from environment variables #108
• feat(core): add timingSafeEqual for constant-time comparison #99
• feat(oauth): add Atlassian OAuth provider #60
• feat(oauth): add Dropbox OAuth provider #59
• feat(oauth): add Notion OAuth provider #49
• feat(oauth): add Twitch OAuth provider #47

@aura-stack/jose

• feat(jose): add type-safe payload support to signing functions #116

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
auth-nextjs-demo	Error		Mar 19, 2026 7:05pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
auth	Skipped		Mar 19, 2026 7:05pm

[coderabbitai]

Warning

Rate limit exceeded

@halvaradop has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 47 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8362c837-7cb4-4a0e-9b39-a57259a1c4bc

📥 Commits

Reviewing files that changed from the base of the PR and between 67bbf69 and 8f7fae5.

📒 Files selected for processing (1)

• packages/core/CHANGELOG.md

📝 Walkthrough

Walkthrough

Version bumps for @aura-stack/core (0.4.0 → 0.5.0) and @aura-stack/jose (0.3.0 → 0.4.0) with updated OAuth export mappings in core's package manifest. OAuth providers now have explicit subpath exports, and import paths across OAuth modules are standardized to TypeScript extensions.

Changes

Cohort / File(s)	Summary
Core Package Release packages/core/CHANGELOG.md, packages/core/package.json	Version bumped to 0.5.0 with changelog entry added for the new release.
Core OAuth Exports Refactoring packages/core/deno.json	Version bumped to 0.5.0; OAuth exports changed from wildcard glob to explicit index.ts entry point, with new explicit subpath exports added for 14 individual OAuth providers (atlassian, bitbucket, discord, dropbox, figma, github, gitlab, mailchimp, notion, pinterest, spotify, strava, twitch, x); new ./client export added.
OAuth Provider Import Updates packages/core/src/oauth/atlassian.ts, packages/core/src/oauth/dropbox.ts	Type-only import paths updated from .js to .ts extensions for @/@types/index.
Jose Package Release packages/jose/CHANGELOG.md, packages/jose/deno.json, packages/jose/package.json	Version bumped from 0.3.0 to 0.4.0 with corresponding changelog entry added.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore(release): bump package versions #94: Version bump release update for the same packages (@aura-stack/core and @aura-stack/jose), touching identical manifest and changelog files.

Suggested labels

release

Poem

🐰 The packages grow and exports bloom,
From four-point-oh to five with room,
OAuth paths now clearly shine,
Each provider marked with .ts line,
A rabbit's release, pristine and fine! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore(release): bump package versions' directly and accurately describes the main change—updating package versions for @aura-stack/auth and @aura-stack/jose.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/bump-packages

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/core/CHANGELOG.md`:
- Line 13: The changelog entry header currently reads "## [0.4.0] - 2026-03-19"
but should match the package version bump to 0.5.0; update that header to "##
[0.5.0] - 2026-03-19" so it no longer duplicates the earlier 0.4.0 entry and
aligns with the version changes in package.json/deno.json.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bc62ab65-d955-4df0-9a58-953b488fddc4

📥 Commits

Reviewing files that changed from the base of the PR and between eda62ea and 67bbf69.

📒 Files selected for processing (8)

• packages/core/CHANGELOG.md
• packages/core/deno.json
• packages/core/package.json
• packages/core/src/oauth/atlassian.ts
• packages/core/src/oauth/dropbox.ts
• packages/jose/CHANGELOG.md
• packages/jose/deno.json
• packages/jose/package.json